KeyLogger.com
  
Technical Support

Invisible KeyLogger Stealth for Windows NT
Frequently Asked Questions (FAQ)

1. What is IKS NT and how does it work?

2. What are the differences between IKS NT and the keystroke recorders from other companies that claim to work under Windows NT?

3. Why does it sometimes take a while for the binary log to be updated?

4. How "stealthy" is IKS NT?

5. How do I get rid of the eyes icon from the desktop after I installed it with the automatic installer?

6. How do I delete the old keystroke log?

7. How do I manually uninstall IKS NT after I manually installed it?

8. How do I remotely install IKS and how do I write a script to install IKS?

9. How do I remotely retrieve the log?

1. What is IKS for Windows NT and how does it work?

IKS is a Windows NT kernel-mode driver that runs at the lowest level of the Windows NT operating system. It captures keystrokes before Windows NT even "sees" them. That's why even the trusted-path "alt-ctrl-del" logon is captured. IKS NT has received favorable reviews from some of the largest security consulting groups in the United States.

2. What are the differences between IKS NT and the keystroke recorders from other companies that claim to work under Windows NT?

The core of IKS NT is a high-performance kernel-mode driver that runs silently at the lowest level of NT. The core of other keystroke recording programs is a dynamic-link library (DLL) based on a Windows message hook. Due to the limitations of message hooks, many keystrokes cannot be recorded, such as keystrokes into the "trusted path" (alt-ctrl-del login), keystrokes into AOL and many internet programs, keystrokes into a Java chatroom in Netscape Navigator and so on.
It's impossible for a regular DLL-based program to hide itself in the process list under NT, so those programs are easy to detect and terminate. IKS, meanwhile, is almost impossible to detect once the program file and the log file are renamed.
Also, a DLL-based program using a message hook takes up a lot of system resources, and sometimes can slow NT down significantly and cause mysterious crashes.

3. Why does it sometimes take a while for the binary log to be updated?

IKS NT has an internal memory buffer of 100 keystrokes. To increase system performance, the program won't dump the buffer to the disk until it is full or the keyboard has been idle for about 3 minutes with keystrokes in the buffer. When the system is shutting down, however, the program will dump the buffer immediately if there are any keystrokes in it.

4. How "stealthy" is IKS NT?

Very. As a matter of fact, after the log file and the program file are renamed, it's VERY difficult, if not impossible, to find out that it's running.

5. How do I get rid of the eyes icon from the desktop after I installed it with the automatic installer?

The eyes icon is placed on the desktop for your convenience by the automatic installer. You can simply left-click once on the icon and press the "Delete" key on your keyboard to delete it.

6. How do I delete the old keystroke log?

Check the "Delete Binary Log Upon Exit" option in your Datview viewer, then exit.

7. How do I manually uninstall IKS NT after I manually installed it?

Type "regedt32" (without quotes) in Run... from the Start button, double-click "HKEY_LOCAL_MACHINE", then "SYSTEM", then "CurrentControlSet", then "Services", find the "iks" entry and delete it.
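
Item 7 shows that the driver is registered as the "iks" entry under HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services, which is a place an administrator can audit. The following is an added example, not part of this FAQ or the product: Python that reads a regedit-format export of that key and lists kernel-driver entries missing from a known-good baseline. The export text, the baseline names and the PLACEHOLDER.sys path are constructed for illustration, and it assumes kernel drivers carry Type = 1.

```python
import re

SERVICES = "HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\"
KERNEL_DRIVER = 1  # assumed Type value of a kernel-mode driver service
# Constructed sample export (not from a real host); values are placeholders.
SAMPLE = r'''REGEDIT4
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Kbdclass]
"Type"=dword:00000001
"ImagePath"=hex(2):53,00,79,00,73,00,00,00
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Spooler]
"Type"=dword:00000110
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\iks]
"Type"=dword:00000001
"ImagePath"="System32\\drivers\\PLACEHOLDER.sys"
'''

def decode_value(raw):
    # Decode one exported value: DWORD -> int, REG_EXPAND_SZ / string -> str.
    if raw.startswith("dword:"):
        return int(raw[6:], 16)
    if raw.startswith("hex(2):"):  # REG_EXPAND_SZ, stored as UTF-16LE bytes
        data = bytes(int(b, 16) for b in raw[7:].split(",") if b.strip())
        return data.decode("utf-16-le").rstrip("\x00")
    return raw.strip('"').replace("\\\\", "\\")

def parse_services(reg_text):
    # Map each direct subkey of Services to its decoded values.
    reg_text = re.sub(r"\\\r?\n\s*", "", reg_text)  # join continued hex lines
    services, current = {}, None
    for line in map(str.strip, reg_text.splitlines()):
        key = re.fullmatch(r"\[(.+)\]", line)
        value = re.fullmatch(r'"([^"]+)"=(.*)', line)
        if key:
            name = key.group(1)[len(SERVICES):]
            direct = key.group(1).lower().startswith(SERVICES.lower()) and "\\" not in name
            current = services.setdefault(name, {}) if direct and name else None
        elif value and current is not None:
            current[value.group(1)] = decode_value(value.group(2))
    return services

def unexpected_kernel_drivers(reg_text, baseline):
    # Return (name, ImagePath) for kernel drivers that the baseline does not list.
    known = {n.lower() for n in baseline}
    return sorted(
        (name, vals.get("ImagePath", ""))
        for name, vals in parse_services(reg_text).items()
        if vals.get("Type") == KERNEL_DRIVER and name.lower() not in known
    )

print(unexpected_kernel_drivers(SAMPLE, {"Kbdclass", "i8042prt"}))
```

A baseline taken from a known-clean build of the same system image is what makes the comparison meaningful; an entry is matched by its Services key name, not by the file name it points to.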

8. How do I remotely install IKS and how do I write a script to install IKS?

For security reasons, we don't publish this here. Please email support@amecisco.com if you are interested.

9. How do I remotely retrieve the log?

Through a network connection:
If you have file access to the target computer through a network connection, you can simply copy the binary log file over and decode it on your own machine.
Through email:
You can retrieve the log via our free StealthMail utility. StealthMail will periodically send you an email with any file attachment (in this case, set up StealthMail to send the iks.dat). StealthMail can also be set to remain invisible on the target machine, and you can set it up to reset the binary log file periodically after successfully sending the file.

 
